Developer Docs

Debug iPhone Traffic on Mac

Official RVI capture + a Mac-side local-proxy CLI

As a developer you mostly work on a Mac. This page gives you two Apple-supported ways to debug your iOS app's network traffic from the Mac:

Option A: RVI — capture real iPhone traffic on your Mac

Apple ships Remote Virtual Interface (RVI): plug your iPhone into your Mac via USB and a virtual network interface rvi0 appears on the Mac. Any packet the iPhone sends or receives can be captured from that interface. This is the most accurate way to inspect what your shipped app is doing, because you observe the exact same code running on the exact device.

Prerequisites

Steps

# 1. Find the device UDID
idevice_id -l
# or
system_profiler SPUSBDataType | grep "Serial Number"

# 2. Create RVI (replace <UDID>)
rvictl -s <UDID>

# 3. Capture with tcpdump
sudo tcpdump -i rvi0 -w iphone-traffic.pcap

# Or open Wireshark and pick the rvi0 interface.

# 4. Tear it down when done
rvictl -x <UDID>

Typical workflow

  1. Open Wireshark on the Mac, pick rvi0
  2. Launch your app (or Simple Interceptor itself) on the iPhone
  3. Reproduce the scenario you're debugging
  4. Inspect every TCP/UDP exchange in Wireshark; install a MITM root CA if you need HTTPS plaintext

Note: RVI captures iPhone traffic only — it does not run the iOS app on the Mac. Simple Interceptor ships a Network Extension (Packet Tunnel); Apple does not allow such extensions under the "Designed for iPhone on Mac" runtime.

Option B: make run_mac — a Mac-side local-proxy CLI

This project ships a native Mac CLI called simplemultiapp-mac. It reuses the same CoreLogic + leaf proxy engine as the iOS app and exposes a local SOCKS5 listener. Point curl / Wireshark / Proxyman / Charles at it and you can debug proxy behaviour, routing rules and subscription parsing directly on the Mac.

Build prerequisites

Run

# Default: 127.0.0.1:1080 using bundled failover presets
make run_mac

# Custom port
PORT=7890 make run_mac

# Subscription
SUBSCRIPTION_URL="https://uni.sonicjs.com/inspired/sub?token=XXXX" make run_mac

# Custom leaf config
CONFIG=/path/to/leaf.conf make run_mac

Verify

curl -x socks5h://127.0.0.1:1080 https://httpbin.org/ip
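
What the curl check above does on the wire, as an added example (not code from this project): it sends the SOCKS5 greeting and a CONNECT with a domain-name address, as socks5h:// does, and returns the auth method and reply code the listener answers with. The 127.0.0.1:1080 listener and the httpbin.org target are the page's defaults; the function names are hypothetical.

```python
import socket
import struct

# RFC 1928 reply codes (REP field of the proxy's answer to CONNECT).
REPLY_TEXT = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
              3: "network unreachable", 4: "host unreachable",
              5: "connection refused", 6: "TTL expired",
              7: "command not supported", 8: "address type not supported"}

def recv_exact(sock, n):
    """Read exactly n bytes or raise if the proxy hangs up early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection mid-handshake")
        buf += chunk
    return buf

def socks5_probe(proxy_host, proxy_port, dest_host, dest_port, timeout=5.0):
    """Return (auth_method, reply_code); reply_code is None if auth is required."""
    name = dest_host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must encode to 1..255 bytes")
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        # Greeting: VER=5, NMETHODS=2, offering 0x00 (no auth) and 0x02 (user/pass).
        s.sendall(b"\x05\x02\x00\x02")
        ver, method = recv_exact(s, 2)
        if ver != 5:
            raise ConnectionError(f"not a SOCKS5 listener (version byte {ver})")
        if method != 0x00:
            return method, None  # 0x02: credentials needed, 0xFF: none accepted
        # CONNECT with ATYP=0x03 (domain name): the hostname travels to the
        # proxy unresolved, which is what the "h" in socks5h:// asks curl to do.
        s.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name
                  + struct.pack("!H", dest_port))
        ver, rep, _rsv, _atyp = recv_exact(s, 4)
        return method, rep

if __name__ == "__main__":
    # Assumed values: the page's default listener and its httpbin.org check.
    method, rep = socks5_probe("127.0.0.1", 1080, "httpbin.org", 443)
    print(f"auth method selected: {method:#04x}")
    print("CONNECT reply:", "n/a" if rep is None else REPLY_TEXT.get(rep, rep))
```

A selected method of 0x00 means the listener accepts any local client without credentials, which is why it matters that it is bound to 127.0.0.1. A non-zero reply code such as "not allowed by ruleset" points at routing rules rather than at the network.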

Chain with Proxyman / Charles for HTTPS MITM

  1. Start Proxyman/Charles (it registers itself as the system HTTP proxy)
  2. In Proxyman's External Proxy section, set upstream SOCKS to 127.0.0.1:<PORT>
  3. All HTTPS calls now tunnel through leaf first, then get MITM-decrypted by Proxyman

Architecture

The CLI does not touch system VPN or Network Extension — it simply opens a local SOCKS5 port that other apps opt into. As a result:
